Effective, automated, and economical threat detection and response

Many large organizations have learned the hard way that efficient detection of and response to cybersecurity incidents should have been one of the key pillars of their risk management strategies. However, building such a capability is extremely difficult: technological and process integration is complex, and organizations typically lack the people and/or skills for designing, deploying, and eventually operating a cost-effective Security Operations Center (SOC).

We help you build your SOC/SOCaaS and upskill your people

For organizations that want to deploy their internal SOC or offer it as a service (SOCaaS) on the market, NIL can help choose the right SOC technology platform and design and deploy it as well as provide skills enablement, a road map, and even joint operations.

Choosing NIL as your partner in SOC building provides you with the following benefits:

  • Cost-efficiency and leaner operations: Our approach to SOC building is based on modern security processing and workflow automation. As a result, SOC operations are significantly less time and resource consuming.
  • Accurate, fast threat detection and response: Automation also speeds up the incident detection and response times, thereby resulting in faster remediation and a lower risk of business-critical damage.
  • Overcome complexity and avoid pitfalls: NIL is extremely flexible in terms of technology choice and integration options, even in the largest environments. In most environments, the road to a SOC contains many potential pitfalls; our expertise, vendor-agnostic attitude, and experience help you avoid them.
  • Field-proven approach and successful references: NIL has been engaged in CSIRT/SOC design for more than 20 years. We run our own SOCaaS and have a proven track record of other SOCs we have designed and/or built, including state-level SOCs.

Field-proven technologies, processes, and enablement

NIL provides a customized set of services that will help you establish efficient and affordable threat detection and response capabilities:

  • A deep analysis of your current risk, technology, and human environment to clearly understand your requirements.
  • The design of governance goals, processes, and the organizational fit/structure of the SOC service.
  • The design of the SOC service catalog.
  • Design of the SOC organization, governance, and processes that enable human workload balancing and leverage automation as much as possible.
  • Design of human resource onboarding processes to scale the SOC team in a flexible and timely fashion.
  • Design of the SOC technology platform that uses security automation to yield the highest time savings for your experts.
  • The design of operational processes (case management, roles, shifts, escalations, incident management, etc.) within the SOC.
  • The design and implementation of manual and automated analysis and incident response playbooks, so that incidents of the same type are handled consistently and repeatably.
  • The design and implementation of SOC KPIs for both SOC users and stakeholders/managers.

Power to the people

The solution also provides the key aspects of SOC team and skills building to allow you to quickly start using or offering the SOC, as well as the ability to scale the SOC services for future workloads. We provide:

  • A clear organizational structure of the SOC with defined roles based on the SOC service catalog (analysts, incident responders, threat hunters, forensic specialists).
  • A list of the required skills for each SOC team role and a road map (shadowing, mentoring, trainings, certifications) on how to achieve them.
  • The design of the onboarding process for new team members.

If you are unable to provide or ramp up the required human resources, NIL can provide an on-site or remote SOC team temporarily, either for faster time-to-market or in a tiered architecture to cover missing local skills.

Security Operations Center SOC Building Services

Support for different platforms and frameworks

We are flexible in the choice of technology to support a wide range of SOC platform tools and frameworks. We typically base our SOC platform around the following key framework components:

  • A high-assurance compute-network-storage environment in which the SOC technology platform executes (secure analyst room, secure platforms, secure infrastructure, privileged identity management, high-assurance authentication, transmission protection, separation of duty, etc.)
  • A Security Automation and Orchestration (SAO, commonly called SOAR) solution as the core automation and eyes-on-glass component of the SOC.
  • One or multiple Security Information and Event Management (SIEM) systems for event consolidation, normalization, and short-term correlation.
  • The integration of internal and external Threat Intelligence (TI) sources, and automatic correlation of TI with the local context.
  • Information sources from multiple endpoint technologies, such as EDR agents, application and OS logs, HIPS/anti-malware systems, DLP systems, vulnerability assessment and management tools, etc.
  • Information sources from multiple network technologies, such as NGFW/NGIPS/WAF appliances, network anomaly detection, NetFlow accounting, etc.
  • Information sources from specific, user- or data-focused security technologies, such as UEBA, or database monitoring/firewalling.
  • Deception technologies, such as honeypots, honeytokens, tarpits, and network sinkholes.
  • Data management tools for retention, fast searching, etc.
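
To make two of the listed components concrete, here is an added example (written for this page; it is not code from NIL's platform) of what a SIEM's normalization step and automatic TI correlation with local context look like in practice. It parses a constructed firewall syslog format and a constructed EDR JSON event into one flat schema, matches destination IPs and file hashes against a small constructed TI feed, weights each hit by the asset criticality from a constructed inventory, and merges the hits per host into prioritized alerts. The log lines, indicators, hostnames, addresses, schema field names and scoring thresholds are all assumptions chosen for illustration.

```python
"""Added example for this page (not NIL's platform code): SIEM-style
normalization of two constructed log formats into one schema, then automatic
correlation of threat-intelligence (TI) indicators with local asset context.
All log lines, indicators, hosts and addresses are constructed."""
import json
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# --- constructed inputs -----------------------------------------------------
FIREWALL_LOGS = [
    "2024-03-01T10:00:01Z fw01 DENY TCP 10.0.5.23:51522 -> 203.0.113.77:443",
    "2024-03-01T10:00:09Z fw01 ALLOW TCP 10.0.5.23:51530 -> 198.51.100.9:80",
    "2024-03-01T10:01:15Z fw01 ALLOW UDP 10.0.9.4:60000 -> 203.0.113.77:53",
]
EDR_EVENTS = [  # one JSON event per line, as an EDR agent might forward it
    '{"ts": 1709287215, "host": "ws-0523", "proc": "svchost.exe", '
    '"sha256": "' + "ab" * 32 + '", "dst": "203.0.113.77"}',
]
# TI feed: indicator -> (description, base severity 1..5). Constructed values.
TI = {
    "ip": {"203.0.113.77": ("C2 server", 4)},
    "sha256": {"ab" * 32: ("known loader", 5)},
}
# Local context: asset inventory keyed by internal IP. Constructed values.
ASSETS = {
    "10.0.5.23": {"host": "ws-0523", "criticality": "high"},
    "10.0.9.4": {"host": "dns-01", "criticality": "low"},
}
INTERNAL = [ip_network("10.0.0.0/8")]
CRIT_WEIGHT = {"high": 3, "medium": 2, "low": 1, "unknown": 1}

# --- normalization: every source ends up in the same flat schema -------------
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$"
)

def normalize_firewall(line):
    m = FW_RE.match(line)
    if not m:
        raise ValueError("unparsed firewall line: " + line)
    return {"ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "source": m["sensor"], "host": None, "src_ip": m["src"],
            "dst_ip": m["dst"], "action": m["action"].lower(), "sha256": None}

def normalize_edr(raw):
    e = json.loads(raw)
    return {"ts": datetime.fromtimestamp(e["ts"], tz=timezone.utc),
            "source": "edr", "host": e["host"], "src_ip": None,
            "dst_ip": e.get("dst"), "action": "process_connect",
            "sha256": e.get("sha256")}

def lookup_asset(ev):
    """Attach local context: resolve the internal endpoint to an inventory record."""
    if ev["src_ip"] and any(ip_address(ev["src_ip"]) in n for n in INTERNAL):
        rec = ASSETS.get(ev["src_ip"])
    else:
        rec = next((a for a in ASSETS.values() if a["host"] == ev["host"]), None)
    return rec or {"host": ev["host"] or ev["src_ip"], "criticality": "unknown"}

# --- TI correlation weighted by local context --------------------------------
def correlate(events):
    """Return per-host alerts: TI matches scored by indicator severity times
    asset criticality, merged across sources so one host yields one alert."""
    alerts = {}
    for ev in events:
        asset = lookup_asset(ev)
        matches = []
        if ev["dst_ip"] in TI["ip"]:
            matches.append(("ip", ev["dst_ip"]) + TI["ip"][ev["dst_ip"]])
        if ev["sha256"] in TI["sha256"]:
            matches.append(("sha256", ev["sha256"]) + TI["sha256"][ev["sha256"]])
        for kind, value, desc, sev in matches:
            a = alerts.setdefault(asset["host"], {
                "host": asset["host"], "criticality": asset["criticality"],
                "score": 0, "indicators": set(), "events": []})
            # A DENY still counts: an endpoint trying to reach a known C2 is a
            # compromise indicator even though the firewall stopped this attempt.
            a["score"] += sev * CRIT_WEIGHT[asset["criticality"]]
            a["indicators"].add(f"{kind}:{value} ({desc})")
            a["events"].append(f"{ev['ts'].isoformat()} {ev['source']} {ev['action']}")
    for a in alerts.values():  # assumed thresholds, tune per environment
        a["priority"] = "P1" if a["score"] >= 10 else "P2" if a["score"] >= 5 else "P3"
    return sorted(alerts.values(), key=lambda a: -a["score"])

def run():
    events = [normalize_firewall(l) for l in FIREWALL_LOGS] + \
             [normalize_edr(e) for e in EDR_EVENTS]
    return correlate(events)

if __name__ == "__main__":
    for a in run():
        print(a["priority"], a["host"], a["score"], sorted(a["indicators"]))
```

Two points a SOC designer should take from this: normalization is what lets one rule cover both the firewall and the EDR event (the C2 address is matched the same way regardless of which sensor saw it), and local context is what turns a flat "indicator seen" into a priority the analyst can act on (the same C2 contact scores 12 on the high-criticality workstation and 4 on the low-criticality DNS server). In a real platform the inventory, TI feed and thresholds would come from the CMDB, the TI platform and the SAO/SOAR playbooks rather than being embedded constants.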

Our goal is to support the majority of critical information sources in customer environments as well as to provide easy-to-replace framework components that eliminate long-term lock-in to specific vendors.

More information

Feel free to reach out to discuss how to deploy effective threat detection and response capabilities in your organization.